Something Smells Phishy
Phishing and identity theft appear to be the greatest long-term problems.
Banks have good reason to fear their strategy to shut branches and encourage online account management will crash on the rocks of fear. Mean-spirited script-kiddies, and the far more threatening force of criminals who seem to launch their codes from poorly policed states, such as those in Eastern Europe, are out to get our money.
Their phishing code is developing quickly. Scripts are now being written that can overwrite your own destination in the taskbar. If you typed in westpac.com.au, that's where you'd think you would go. But a compromised browser will go to a spoof site and you'll have no way of knowing what's going on.
Microsoft's security lead, Ben English, says you may even be a member of a "bot army" - that is, your own machine has had a virus that leaves undetectable code that can be activated to turn your PC into a "slave machine".
"We need to move fast before the confidence falls out of the bottom of the market," says Coroneos, a director of a company called Net Alert, which is drafting a suggested curriculum for state education departments. "I think the worst thing for a child is to have their identity stolen online. They might never know until they are older and begin life and try to get a credit rating. I have done a lot of work with developing guidelines for the OECD, and created the mission of creating a culture of security, which makes the problem everyone's responsibility to solve."
We are the proverbial bull's roar from that culture today. There are a number of local joint ventures going on, such as the Authentication Taskforce to help protect individuals' online identity. This group - consisting of the IIA, eBay, travel firm Zuji, nineMSN, Yahoo!, RSA Security and others - will conduct an independent stocktake of authentication technologies, using government funds to test their usability for the business and consumer markets. It will develop a push-marketing campaign to highlight the findings. Of course, the greatest challenge is to explain what authentication and identity theft actually means, and why anyone should care.
English, who stresses he is goaled on customer satisfaction rather than fiscal performance, says consumer security is the number one priority and fast becoming a preoccupation at Microsoft. Given the fact that it is his software that has been exploited so many times, one might be forgiven for not expecting anything less.
"We spend millions of dollars globally as part of the 'Protect Your PC campaign'," says English. Currently, there are some 50,000 CDs in the local market with security updates - a useful but not significant number given the fact that more than one in two Australian homes has a PC. However, English says activity will step up when Windows XP Service Pack 2 is released. We might even see some action in the shopping malls.
"What Microsoft and the industry must do is make security transparent so that the user doesn't even know they have it, or that it is being updated over their Internet connection," says English. Most people don't understand what a firewall can do, or nor do they care. Security must happen by default. That is where I want to get to."
He cites a series of surveys conducted by the UK technology site, The Register. Its staff offered 171 commuters a chocolate egg in exchange for their password and got a 70 percent hit rate. The previous year, nine out of 10 people handed over their details in exchange for an el-cheapo pen.
While any CIO might smile at the audacity of such a survey, those idiots at the train station could be your colleagues compromising your security for a piece of chocolate.
Which makes security everyone's issue. Including yours.
If you need assistance to take up the challenge, the leading security vendors and the IIA will surely give you assistance with established education programs and material.
Mark Hollands is principal of the new research and consultancy company, ITR. He is a former vice president of Gartner and IT editor of The Australian. He was hit by the Bugbear virus last November and it cost him $280 and two days productivity to save his data and fix up his PC
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.